
How to renew SSL certificate on an Azure Cloud Service?

Tags: ssl, azure

I have a cloud service SaaS application running on Azure over HTTPS whose SSL certificate is expiring soon. I've recently obtained a new SSL certificate that I need to apply before the expiration date.

Looking on the web, all I found are articles about how to set up an SSL certificate for an Azure Cloud Service (e.g. http://www.windowsazure.com/en-us/develop/net/common-tasks/enable-ssl/) and none regarding the renewal process. At this point, I'm thinking it's the same process.

In order to avoid unnecessary issues, I'm looking for confirmation from someone who might have already done this before, and perhaps some pointers on other things that I need to be aware of.

Jimmy Chandra asked Oct 24 '13 22:10




2 Answers

1) You upload the certificate to the Service Certificates section on the Windows Azure Portal - just as you did originally.

2) You modify the Service Configuration file to provide the thumbprint of the new certificate instead of the old one. This causes the certificate to be deployed to each instance.

3) You do an in-place upgrade (or use a VIP Swap), which causes IIS to start using the new certificate.

Neil Mackenzie answered Sep 27 '22 17:09


First you upload the new certificate using the Management Portal - go to the Certificates tab of your cloud service.

Then if you believe in in-place reconfiguration (which I don't recommend for this scenario) you can go to the Configure tab, scroll down to Certificates, change the thumbprint (you can get it from the Certificates tab) and click Save. Just don't forget to update your .cscfg files so that you have the changes preserved when you redeploy.

If you don't believe in in-place reconfiguration you'll have to change your .cscfg files and deploy your service into staging with the updated .cscfg and then do a VIP swap and delete the previous deployment. This is what I recommend for this scenario because should anything go wrong with in-place reconfiguration you can experience service downtime.

sharptooth answered Sep 27 '22 18:09
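Both answers depend on changing the thumbprint in the .cscfg file. The Python sketch below is an added example, not code from either answer: it swaps the thumbprint on every role and refuses input that is not a clean SHA-1 thumbprint, including values pasted with spaces or an invisible U+200E character. The service, role and certificate names and both thumbprints are constructed for illustration.

```python
import unicodedata
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration"
ET.register_namespace("", NS)  # serialize with the default namespace intact

def clean(raw):
    """Drop whitespace, colons and invisible format characters (such as the
    U+200E that comes along when copying from the Windows certificate dialog)."""
    return "".join(c for c in raw if not c.isspace() and c != ":"
                   and unicodedata.category(c) != "Cf").upper()

def normalize_thumbprint(raw):
    """Return a 40-hex-digit SHA-1 thumbprint or raise ValueError."""
    value = clean(raw)
    if len(value) != 40 or any(c not in "0123456789ABCDEF" for c in value):
        raise ValueError(f"not a SHA-1 thumbprint: {raw!r}")
    return value

def rotate_thumbprint(cscfg_xml, old, new):
    """Swap old for new on every <Certificate> of every role.
    Returns (updated_xml, [(role_name, certificate_name), ...])."""
    old, new = normalize_thumbprint(old), normalize_thumbprint(new)
    root = ET.fromstring(cscfg_xml)
    changed = []
    for role in root.iter(f"{{{NS}}}Role"):
        for cert in role.iter(f"{{{NS}}}Certificate"):
            if clean(cert.get("thumbprint", "")) == old:
                cert.set("thumbprint", new)
                changed.append((role.get("name"), cert.get("name")))
    if not changed:
        raise LookupError("old thumbprint is not referenced in this .cscfg")
    return ET.tostring(root, encoding="unicode"), changed

# Constructed sample: names and both thumbprints are made up for this example.
OLD = "0123456789ABCDEF0123456789ABCDEF01234567"
NEW = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
SAMPLE_CSCFG = f"""<ServiceConfiguration serviceName="ExampleService" xmlns="{NS}">
  <Role name="WebRole1"><Certificates>
    <Certificate name="HttpsCert" thumbprint="{OLD}" thumbprintAlgorithm="sha1" />
  </Certificates></Role>
  <Role name="ApiRole"><Certificates>
    <Certificate name="HttpsCert" thumbprint="{OLD.lower()}" thumbprintAlgorithm="sha1" />
  </Certificates></Role>
</ServiceConfiguration>"""

if __name__ == "__main__":
    print(rotate_thumbprint(SAMPLE_CSCFG, OLD, "\u200e" + NEW.lower())[1])
```

Running the same check over every .cscfg in the repository (Cloud, Local, staging) before deployment catches a configuration that still references the expiring certificate.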